The Role of HIM profession in the 21st Century

 HIM professionals have critical roles to ensuring conformity with legal mandates applicable to the security and privacy of patient information. This has however proven to be challenging as a consequence of a constantly changing regulatory and legislative environment. Most important, and of greatest familiarity and popularity to the general public, are the privacy obligations of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. A number of the concerns discussed below have been raised by HIM professionals in the management of health information.

Privacy Concerns

Health records and other medical information contain patients’ personal data such as health conditions; sexual history, psychiatric diagnoses substance abuse issues and that could be embarrassing if disclosed to unauthorized parties. Therefore, the organizations’ structures that define storage systems and manage the level of access to health information often are posed with the challenge of ensuring sensitivity and confidentiality considerations. The privacy issues have been a challenge to many organizations as some always think that it may be more convenient to avail information to a large pool of vendors and employees while ignoring the fact that ethical practices demand limited access of clients’ records and information, however inconvenient it may be, in order to preserve the confidentiality and privacy of patients.

 Accuracy Issues

Concerns have been presented about the accuracy, quality and reliability of data and information entered into the health information systems. While health records and information can give valuable data to enhance patient care, inaccurate information have the potential of harming patients. Errors that result from omissions of dose, duration and frequency information can particularly affect patients. It is usually a challenge because some of the omissions are as a result of human error while sometimes it may occur as a result of unqualified staff engaging in such duties. In 2011, the Agency for Healthcare Research and Quality confirmed that at least 1 out of 10 outpatient computerized prescriptions had at least one error. Out of 3,850 prescriptions analyzed by researchers over a four-week period, 452 errors were realized and more than 33 percent of these errors could have resulted in adverse drug reaction.

Security Concerns

The growing concern over the security of health information results from the rise of EHRs, dominant use of mobile devices, medical identity theft as well as the widely anticipated exchange of information between and among clinicians, organizations, patients and federal agencies. Security violations through mobile device theft pose a security as well as an ethical challenge in the management of health information. For instance, on Jan. 9, 2013, a computer with medical records for approximately 57,000 patients (pediatric) was stolen from a person who was serving as a physician at Lucille Packard Children’s Hospital and Stanford University School of Medicine in Palo Alto, California. This was risky for the patients as it exposed their details to unknown people for unknown motives.

Why Privacy, Security and Accuracy concerns pose a challenge to HIIM

These issues pose a challenge to the HIIM professionals because they are obligated to ensure patients’ satisfaction through maintaining the security, privacy, accuracy and confidentiality of their health information and records. If patients’ expectation is undermined, they may end up not being straightforward with the doctor. For the clients/patients to trust the clinician, records in the office must be fully protected. Medical personnel must be aware of the measures necessary for the protection and security of their patient data as well as the data within their practices.  Richard Rognehaugh states that it is the right of persons to keep information about themselves from being public to others. An individual has the right to be protected from interference from other parties, the government and organizations. The HIIM professionals must ensure that the information and data that is shared from a medical relationship is regarded confidential and must be protected.

Patient information and records should be disclosed to others only with the permission of the patient or as allowed by law.                                                                                                                  Under the HIPAA Security and Privacy Rules, employers are held responsible for the deeds and practices of their employees. For instance, in the year 2011, it was realized that workers of the UCLA health system had gained access to celebrities’ information without the necessary authorization. In that case, UCLA failed to employ the security procedures sufficient to reduce the risks of unauthorized access to protected health information by unofficial users to a practical and suitable level. The health system settled privacy and security breaches with the U.S. Department of Health and Human Services Office for Civil Rights (OCR) for $865,000. Such liabilities become challenges to HIIM professionals.

How HIIM professionals can address ethical challenges  

Given the challenges that various HIIM professionals face, a range of measures can be used to deal with such concerns. In the instances where there exist accuracy concerns especially with regard to electronic Health Records, ethical health-care management is achieved through the implementation of computer design features (“forcing functions”), that do not allow users to skip data fields.

Ethical administration of health information must take into account defensive measures, such as scanning for malware and viruses, to ensure the security and accuracy of health information. Ethical management of health information encompasses such strategies as encrypting data so unnecessary individuals cannot decipher it. Additionally, the implementation of remote data wipes is necessary for deleting information especially when mobile devices or laptops are stolen from medical employees.

Controlling or limiting access to health information is crucial but not satisfactory enough for ensuring confidentiality, therefore, additional security approaches such as extensive training and strong security and privacy legislations or policies and procedures are necessary to securing patient information. Respect for the confidentiality and privacy of persons follows from the AHIMA Code of Ethics which clearly stipulates the principles within which Health Information Management should be based. Confidentiality may be violated and privacy may be invaded by releasing or revealing information that can be used to expose or identify a person to irrelevant or even hostile responses or reactions from other people. Therefore, there is a need to protect such information from being scattered. Conversely, in the case where the information is necessary for the discovery or prevention of health risks at the places of work, there emanates a need to protect the health of employees who might be exposed to the same risks while at work. HIM professionals have the challenge of developing their knowledge and skills further into the information technology field to ensure that electronic patient health records/ information is appropriately safeguarded. As electronic systems become more and more powerful and multifaceted with information being shared all over the health platforms through health information exchange (HIE), the capacity to avoid and monitor improper access through the use of different types of controls becomes critical.

Privacy, accuracy and security are vital success factors in the efforts geared towards efficient the management of patients’ health information and records.  Further, the protection of patients’ information is one the national agendas for the 21st century through regulatory and legislative changes as well as private and governmental initiatives. As the industry consistently grows, the HIM professionals are positioned to develop in the role of security and privacy advocate. HIM professionals who are present in this advocacy function are varied, including corporate and organizational privacy officers, change agents in policy development, compliance officers, advocates for security and privacy assurances even as EHR systems are under implementation and the need for information increase and become more diverse.